[pkg-cryptsetup-devel] Bug#919725: Bug#919725: cryptsetup: switch to LUKS2 by default for new installs

Guilhem Moulin guilhem at debian.org
Fri Jan 18 23:30:31 GMT 2019


Hi Matt,

On Fri, 18 Jan 2019 at 15:01:59 -0800, Matt Taggart wrote:
> There was some discussion on the debian-boot list during the
> libcryptsetup transition about the format
> 
> https://lists.debian.org/debian-boot/2017/12/msg00231.html
> 
> including a comment,
> 
> "feel free to poke us again for partman-crypto when the new format
> looks mature enough so that we see about adding support for it."

Please see https://salsa.debian.org/installer-team/partman-crypto/merge_requests/1
and this thread https://www.saout.de/pipermail/dm-crypt/2018-July/005925.html .

We'd much prefer if the d-i default LUKS format was identical to the
cryptsetup(8) binary here, and we'd rather avoid a Debian-specific patch
to change the LUKS format version in the binary.  At least not without
upstream's blessing; the above thread indicates a few subtle — now fixed —
issues with libblkid for instance, so we should really be careful here).

Upstream is aware of the upcoming freeze, and AFAIK the plan is still to
release 2.1, defaulting to LUKS2, in time for Buster.  I actually
planned to bump the thread shortly before FOSDEM :-)  (Should we miss
the deadline, we'll consider a Debian-specific patch in src:cryptsetup
and ask for upstream's opinion.) 

Cheers,
-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20190119/1ed87b89/attachment.sig>


More information about the pkg-cryptsetup-devel mailing list